Data Platform Organizational Structure as an Instrument to Personal Information Protection Compliance
The processor of personal information is the primary party responsible for personal information protection.In order to contribute to the implementation of this primary responsibility,the Personal Information Protection Law stipulates that data platforms shall appoint personal information protection officers,establish personal information protection compliance systems according to state regulations,and establish an independent body composed mainly of outside members to supervise personal information protection circumstances.The intervention of the state in the organizational structure of data platforms promotes the formation of a new regulatory model for personal information protection compliance,which has important research value in analyzing the theoretical basis and intervention limits of this regulatory model.The research first adopts normative analysis methods to categorize the reshaping of the organizational structure of data platform by the state,and then explores in an innovative manner the limits and logic of the organizational obligations by using the principles of proportionality and consistency derived from the empirical research results.Due to the fact that external behavioral norms cannot guarantee the utilisation,on the part of data platforms,of their cognitive advantages to achieve risk management in personal information protection,the state puts into practice the organizational norms to develop the internalization of corporate compliance with personal information protection.In the process of continuous intervention in the autonomy of data platform operations,private intervention obligations lack explanatory capacity as a consequence of the focus on the relationship of responsibility.This is mainly influenced by the fact that traditional state intervention is substantial and specific,while the reshaping of corporate rational structures by legislators is realised by impacting the decision-making process of enterprises in order to change their future decision-making logics.The classical principle of proportionality is developed on empirical predictions.By examining the shaping of the organizational structure of data platforms by legislators with the assistance of this traditional fundamental rights protection mechanism,it can be observed that it lacks the delicate regulatory power that once existed when state intervention was direct.In terms of legitimate purposes,the goals listed by legislators are very abstract.Since it is not yet clear how organizational norms work and to what extent they truly deliver public interest,it is difficult to measure in an accurate way the utility of intervention measures in promoting legitimate purposes.In order to better examine the obstructive effects caused by the state's reshaping of corporate rational structures,content examination should start from the objective dimension of fundamental rights and strengthen it with the requirement of consistency.This means that the organizational structure requirements proposed by the state for data platforms on the basis of risk pathways must not only undermine the cognitive potential of enterprises,thereby hindering their own logic,but also ensure that the actions of enterprise organizations are guided by personal information protection.According to the requirement of consistency,it is advisable that lawmakers make supplementary provisions on the organizational obligations that data platforms should undertake in the Personal Information Protection Law.The transformation of the risk regulatory model presents challenges to the review tools of traditional administrative law,and contemporary administrative law should conduct more in-depth and all-inclusive research on the institutional arrangements for coordinating different participants with different behavioral logics.After all,compared with directly regulating external behaviors of enterprises,realizing the public interest by regulating their internal organizational structures places higher demands on legislators.
corporate organizationpersonal information protectionprinciple of proportionalityrequirement of consistency
NETL
NSTL
万方数据
